none
IIS question concerning authentication request when 1 of 2 DCs go down!

    General discussion

  • I know there's no IIS forum on this site but this question lends itself to IIS and Active Directory. We have 2 DCs and a IIS-based web application. The application has a web service that authenticate through AD on every click of the website. He had a 1 of the 2 DCs go down. The web application stopped responding. No 404 errors or anything like that, it just spun its wheels when you attempted to browse the site. We suspect that either AD didn't immediately or there is a timeout/retry setting in IIS that needs to be adjusted when authentication takes to long. Can anyone verify these ideas?

    Gerald Geiger

    Friday, February 07, 2014 9:03 PM

All replies

  • Hiya,

    Whenever you attempt authentication against the domain, it would be asking on the domain name and not on a specific domain controller. Asking the domain name will give a DC that responds. There are a few things which could cause what you experienced:

    1: Your web server only has one DNS server configured(DC01). Meaning that it could not perform name requests for the domain when DC01 was down.

    2: Your web application has hard coded the DC01 name in a custom authentication connection string. (If its not using Windows Authentication on the IIS site.)

    You should be able to ping the domain and get a responds. Then take down DC01, ping the domain and still get a responds.

    Saturday, February 08, 2014 11:42 AM
  • I know there's no IIS forum on this site but this question lends itself to IIS and Active Directory. We have 2 DCs and a IIS-based web application. The application has a web service that authenticate through AD on every click of the website. He had a 1 of the 2 DCs go down. The web application stopped responding. No 404 errors or anything like that, it just spun its wheels when you attempted to browse the site. We suspect that either AD didn't immediately or there is a timeout/retry setting in IIS that needs to be adjusted when authentication takes to long. Can anyone verify these ideas?

    Gerald Geiger

    There is a Microsoft IIS forum, but for some reason it is not in the Technet forum stable. It is here.

    http://forums.iis.net/


    Bill

    Sunday, February 09, 2014 6:33 AM
  • Hi,

    What is the current issue status? Please try Jesper's suggestion, point your IIS to both DCs.

    Any further assistance regarding to IIS, please post in the IIS forum as Bill provided.

    Regards,

    Yan Li


    Regards, Yan Li

    Tuesday, February 11, 2014 3:25 AM